DEV Community

Cover image for Synth CDK app to Custom Bucket
Ivan Bliskavka
Ivan Bliskavka

Posted on • Edited on • Originally published at bliskavka.com

3 2

Synth CDK app to Custom Bucket

#aws #cloudformation #cdk #devops

Some AWS customers don't use the CLI, and will not grant an external contractor CLI access. Trying to get access is a waste of time and resources. Do not fear, there is a solution!

Summary

  1. Create a client specific staging bucket
  2. Share the bucket with the client account via Bucket Policy
  3. Synth the stack to the staging bucket
  4. Share template URL with client
  5. Client can install using the URL in CloudFormation web console with their own user credentials

App Staging Bucket Policy 

{
  "Sid": "MyClient",
  "Effect": "Allow",
  "Principal": {
      "AWS": [
          "arn:aws:iam::DEV_ACCOUNT_ID:root",
          "arn:aws:iam::PROD_ACCOUNT_ID:root"
      ]
  },
  "Action": [
      "s3:GetObject",
      "s3:GetObjectVersion"
  ],
  "Resource": "arn:aws:s3:::app-staging-bucket/*"
}
Enter fullscreen mode Exit fullscreen mode

Usage

  1. Install CDK Assets npm i -D cdk-assets

  2. Customize the stack synthesizer to use your custom staging bucket

    const app = new cdk.App();

new MyApp(app, 'template', {
  someParam: 'someValue',
  synthesizer: new DefaultStackSynthesizer({
    fileAssetsBucketName: 'app-staging-bucket',

    // Use a custom role which has access to the asset bucket
    fileAssetPublishingRoleArn: 'my-client-staging-role',

    // Consider using a build date or version
    bucketPrefix: '2.4.1',

    // The client account does not need to be bootstrapped
    generateBootstrapVersionRule: false,
  }),
});

app.synth();

  3. Run cdk synth to generate your assets.

  4. Modify cdk.out/template.assets.json to make the template file name more predictable

    • find entry with sourcePath=template.template.json
    • modify its objectKey to something like 2.4.1/template.json
    • (you should probably write some code to automate this)

  5. Run cdk-assets -v -p ./cdk.out/template.assets.json publish

  6. Share your template URL with the client. It will look something like:

    https://app-staging-bucket.s3.amazonaws.com/2.4.1/template.json

  7. Client can install the app using the CloudFormation web console.

Simpler Template Output

Not sure what the side-effects of these are, but this produces a simpler template with less CDK metadata.

cdk synth --path-metadata false --version-reporting false

cdk.json 

{
  "context": {
    "@aws-cdk/core:newStyleStackSynthesis": false,
  }
}
Enter fullscreen mode Exit fullscreen mode

Conclusion

This has been very helpful for creating installers that are accessible to non-developers and usable in beginner AWS environments. I hope it save you some head-scratching!

Originally posted on my blog

profile
Datadog
 Promoted

Image of Datadog

Master Mobile Monitoring for iOS Apps

Monitor your app’s health with real-time insights into crash-free rates, start times, and more. Optimize performance and prevent user churn by addressing critical issues like app hangs, and ANRs. Learn how to keep your iOS app running smoothly across all devices by downloading this eBook.

Get The eBook

Top comments (0)

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Read next

094459 profile image

Amazon Q Developer Tips: No.14 Navigating through your prompt history

Ricardo Sueiras -

code42cate profile image

Day 11: Docker Compose

Jonas Scholz -

softwaresennin profile image

End to End CI/CD pipeline using GitHub Actions for Android Application

Lionel♾️☁️ -

s3cloudhub profile image

Azure Cloud Computing Platform: Unlocking Endless Possibilities 🌍

S3CloudHub -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay